A lot can happen overnight, and in the case of professional social network LinkedIn, the company is likely waking up with a big headache this morning. On top of a security flaw being discovered with its mobile calendar feature, the company is also facing a security breach with millions of user passwords potentially leaked online.

The LinkedIn Blog has responded to accusations late Tuesday that the company’s mobile apps are collecting user data from the opt-in calendar feature, including potentially sensitive meeting notes, appointment times and even the names of attendees.

“In order to provide our calendar service to those who choose to use it, we need to send information about your calendar events to our servers so we can match people with LinkedIn profiles,” the company explains in a blog post. “That information is sent securely over SSL and we never share or store your calendar information.”

The company’s Android app has already been updated with improvements, which include no longer sending data from the meeting notes section of calendar events, as well as the addition of a “learn more” link for users who want to know more about how such data is being used. LinkedIn has submitted an iOS update to the App Store, which “will be available shortly.”

The second mid-week headache for LinkedIn could be even more serious, however. According to The Verge, “a user in a Russian forum is claiming to have hacked LinkedIn to the tune of almost 6.5 million account details” -- 6,458,020 encrypted passwords, to be exact.

While usernames were not part of the data posted, it appears that they have indeed been downloaded by the hacker. Although the passwords are hashed with SHA-1 for additional security, users are advised to log in and change their password, just to be safe.

There’s an outside chance that the hacker’s claims could be bogus and LinkedIn has yet to comment on any potential breach, but either way, it’s not a good day to be an executive at the company -- nor a member of its IT department, it seems.